Path and query parameters are not decoded properly with UndertowOptions#ALLOW_ENCODED_SLASH in JBoss EAP 7.4
Environment
- Red Hat Enterprise Application Platform (EAP) 7.4
Issue
Path and query parameters are not decoded properly because the meaning of the flag was switched.
This means that not only did parts of the code have the wrong value hardcoded, but UndertowOptions#ALLOW_ENCODED_SLASH also had the opposite meaning.
Using the predicate path-prefix('/foo') -> rewrite('/bar${remaining}') on a request path that already contains URL-encoded segments results in a rewritten path that differs from the intended one.
For example, a request to /foo/hello%2Fworld ends up as /bar/hello%252Fworld instead of the expected /bar/hello%2Fworld.
I noticed this problem on WildFly in a JAX-RS method that must handle such URL-encoded values in a @PathParam.
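The double encoding in the example above can be reproduced with a simplified model of a decode, rewrite and re-encode round trip. This is an added example, not code from Undertow or from this article; the function names and the `slash_aware` switch are assumptions made for illustration, and `classify` compares a path that was sent with the path an application reports.

```python
import re
from urllib.parse import quote, unquote

ENC_SLASH = re.compile(r"%2f", re.IGNORECASE)
DBL_SLASH = re.compile(r"%252f", re.IGNORECASE)

def rewrite(pieces, prefix="/foo", target="/bar"):
    """Model of path-prefix('/foo') -> rewrite('/bar${remaining}')."""
    head = pieces[0]
    if head.startswith(prefix + "/") or (head == prefix and len(pieces) == 1):
        return [target + head[len(prefix):]] + pieces[1:]
    return pieces

def round_trip(raw_path, slash_aware):
    """Decode, rewrite and re-encode a request path (simplified model)."""
    # Split at each encoded slash, then decode the other escapes per piece.
    pieces = rewrite([unquote(p) for p in ENC_SLASH.split(raw_path)])
    if slash_aware:
        # Encode each piece separately and put the original %2F back.
        return "%2F".join(quote(p, safe="/") for p in pieces)
    # Faulty order: %2F is rejoined as plain text before encoding, so its
    # '%' is escaped a second time and becomes %25.
    return quote("%2F".join(pieces), safe="/")

def classify(sent, seen):
    """Compare the path a client sent with the path the application saw."""
    want = len(ENC_SLASH.findall(sent))
    if want == 0:
        return "no-encoded-slash"
    if len(DBL_SLASH.findall(seen)) > len(DBL_SLASH.findall(sent)):
        return "double-encoded"
    if len(ENC_SLASH.findall(seen)) == want:
        return "preserved"
    return "slash-decoded"  # %2F became a real path separator

if __name__ == "__main__":
    sent = "/foo/hello%2Fworld"  # request path from the article
    for aware in (False, True):
        seen = round_trip(sent, aware)
        print(f"slash_aware={aware}: {seen} -> {classify(sent, seen)}")
    # Constructed case: the encoded slash was decoded into a separator.
    print(classify(sent, "/bar/hello/world"))
```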
Resolution
In EAP 7.4 Update 9, when UndertowOptions#ALLOW_ENCODED_SLASH is set, it will actually allow the encoded slash where before it did not.
Root Cause
JBEAP-24234 - UndertowOptions#ALLOW_ENCODED_SLASH has opposite effect and parts of path/query are decoded in bad way
UNDERTOW-2200 - Path and query parameters are not decoded properly due to flag switch.